Storing Confidential and Sensitive Information is a normal function of conducting business at the University. Employees shall only store CSI for legitimate business needs and those needs related to their individual job responsibilities.

On-site storage refers directly to CSI stored within any University facility.

1.

Employees Personal Belongings

The University will provide all personnel with a secure place to store personal belongings. Employees are responsible for keeping personal items secure during work hours.

2.

CSI Stored in a Workspace

Confidential and Sensitive Information stored in an office, cubicle, reception area, cash register, or other workspace must be kept in locked desks, cabinets, closets, or lockers when not in use.

3.

File Rooms and Storage Rooms

File and storage room doors must be closed and locked when unattended by authorized personnel.

4.

Records Storage

Company, customer, transaction, and service provider records will only be stored when there is a legitimate business need. Any records in storage beyond the legal statute of limitations will be appropriately disposed of by designated employees.

Company representatives shall only store CSI on University authorized computers, telecommunications, or other electronic devices. A list of approved equipment will be maintained by the companys Identity Theft Prevention Officer or Information Technology Professional.

1.

Encryption

All CSI stored on portable electronic devices or electronically transmitted must be encrypted.

2.

Portable Electronic Devices

Portable electronic devices must be secured when not in use. The physical security of these devices is the responsibility of the authorized user. These include laptop computers, cell phones (specifically smart phones), jump drives, thumb drives, external hard drives, etc.